This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Today world is blessed with advancement in technology where everyone is connected via Mobile communications. Mobile communication is dominating the communication industry with variety of features to offer to the end customer. With growing Mobile users across the world security has become an important aspect to every communication industry; To study the security aspects in the current trend we have chosen two major communication industries and analysed how the security is handled in each company.
The communication industries that we have chosen are:
BT (British Telecom)
BSNL (Bharat Sanchar Nigam Limited)
History of Mobile Communication Industries
2.1 History of Mobile Communications
Mobile communications though was introduced several years back, the users were increased predominantly only in late 1990's and slowly it started to prove its dominance by the end of decade and by the year 2000 there were 500 Million mobile users. The maximum growth took place in year 2001 where there were enormous increase of Second Generation cellular networks, Wireless Networks and Digital Broadcast Systems. But later second generation mobile communication systems were replaced by Third Generation Mobile System which we are using right now. 
The discovery of GSM network provided the first wide-area coverage for mobile access to multimedia and data. Corporate users were first to use these devices as it provided fast and secure access to the latest information. The first example of a multimedia terminal was Nokia's communicator, which appeared in late 1996. This was an integrated mobile phone and personal organiser with voice, short message service, data and fax access and Internet browser. Within five years, most of the personal organisers of the day included access to mobile data using GSM's packet radio system. This was quickly followed u a range of 'GSM appliances' which brought about the advent of machine-to-machine communications. 
History of British Telecom
British Telecom which is popularly known as BT which is one of the biggest Telecom industries in the world with third of its revenue coming from Global services. British Telecom used to be part of Post Office Telecommunications Company but was privatised and introduced to the world with a two lettered word know as BT (British Telecom) in 1984.
British Telecom being the one of the biggest Telecom Industries in the world, Mobile Communications security has become an utmost important factor to prevent misuse of the Telecommunications by the unwanted people.
History of BSNL
Bharat Sanchar Nigam limited is the sixth largest telecommunications company in the world and the first in India. BSNL being the oldest and biggest telecommunications company in India, it has largest number of subscribers and hence there is a necessity to implement Mobile Communications security in the network. BSNL holds 90 Million customers as of June 2008 and it is still going strong.
BSNL used to be the only telecom service provider in India but later many other providers added in the list like Airtel, Tata and Vodafone etc. It is utmost important to study and analyse the methods used in different communications industries and the impact that would form the user perspective.
Mobile Communications Security
Mobile phone systems were developed in a way that phone initiates a wireless connection to a base station. The area covered by a Base Station is a cell. The base station forwards the connection to a base station controller, which then forwards to a fixed network. First generation mobile systems were analog. The security that first generation mobile phones have was there used to be a secret user identifier set in the network. When mobile phones try to contact the network they have to enter the secret number just like giving username and password to the computer but soon hackers reprogrammed their mobile devices so that they could use other mobile user accounts. This lead to the development of tight security.
This paper deals with comparing the different authentication protocols used in BT and BSNL and the way the customers are identified when any user gives a call and how the security is handled at service provider. 
Methods used for Identification
4.1 Extensible Authentication Protocol in BT (EAP)
This protocol can be used for authentication and session key distribution using the Global Systems (GSM) Subscriber Identity module. Global systems for Mobile Communications is a second generation network standard. Second Generation mobile networks and third generation mobile networks use different authentication and key agreement mechanisms. EAP-AKA is an authentication method based on the Authentication and Key Agreement (AKA) mechanism used in 3rd generation mobile devices. 
In this type authentication method there is a usage of challenge-response mechanism. Key Derivation algorithms and A3/A8 authentication that run on the SIM will be given 128-bit random number (RAND). SIM which consists of operator-specific algorithms, take the RAND and secret key Ki (Stored on SIM) as input and generates a 32-bit response (SRES) and a 64-bit long Key Kc as output. Kc key is used as an encryption key in air interface and is used for deriving keying material. Hence the secrecy of Kc is critical to the security of EAP (Extensible Authentication Protocol) [5, 6]
In EAP model the authenticator / EAP server sends the EAP-Request / Identity packet to the peer for whom the peer responds with the EAP Response / Identity which contains the user's identity. Usually "Global Systems for Mobile Communications" subscribers are identified with the IMSI (International Mobile Subscriber Identity) which consists of not more than 15-dgits. These 15 digits are divided into different parts where each part has specific role to play like one part describes the area and the other part may describe the user identity. 
Figure 1- EAP Model 
EAP-SIM includes identity privacy (Anonymous) that can be used to hide clear text which describes the identity of the user to prevent attacks. There are three different types of usernames in EAP-SIM Peer identity:
Fast re-authentication usernames [5, 6]
Authentication Method in BSNL
BSNL is still using 2G technologies in their mobile communication system and hence the authentication methods followed in BSNL are bit old when compared to the authentication systems implemented in British Telecom. The security requirements for mobile communications both wireless and wire line, shall include the following features:
Authentication of mobile user or Mobile Station (MS)
Authentication of the location databases, such as Visitor's location Register/ Home location Register (VLR/HLR)
Data confidentiality between Mobile Station and Visitor's Location Register or between Visitor's location Register and the fixed station or the fixed destination.
Data confidentiality between Visitor's Location Register and Visitor's Location Register and Visitor's Location Register/ Home Visitor's Location Register.
Location confidentiality of Mobile Station or Mobile user.
Today's GSM(mobile) security implementations are based on techniques like encryption algorithms. A3, A5 and A8 are some of the cryptographic techniques used in GSM protocols. A8 generates session key Kc by a public key one way function; A3 consists of single way function which is utilized by AuC and subscriber to calculate Signed Result - 'SRES'. A5 have a single-way encryption and decryption algorithm using Kc by Base Station and Mobile Subscriber. When Ki, RAND are used as inputs; Kc and SRES are created by A3 and A8 algorithms.
SRES = A3 (Ki, RAND), Kc = A8(Ki, RAND):
Output of RAND cannot be predicted. With A5, Kc is used to encrypt/decrypt signalling information, data and voice on radio interface,
Ciphertext =A5 (Kc, Message),
Message=A5 (Kc, Ciphertext):
The current GSM authentication of MS is described in the top portion of figure 2. Each subscriber gets a unique IMSI and one secret key, Ki, from AuC during registration. In the authentication process, the AuC/HLR is applied to generate several triplets, (RAND, SRES, Kc), say n copies, for a given IMSI at a time, and passes them back to Visitor Location Register for saving and further usage. To verifying the subscriber identity, RAND is sent to Mobile Subscriber by VLR by choosing a pair (RAND, SRES). MS uses this RAND and its Ki to compute a SRES, and then sends the result back to the VLR. VLR checks the result with the stored SRES. Once a correct match occurs, the subscriber is recognized as an authorized user; otherwise, the VLR will reject the subscriber's access to the system. In this protocol, it is not required for the VLR to recognize the Ki, or even the A3 algorithm, to authenticate an MS. By the same token, an AuC must compute n copies of (RANDi, SRESi, Kci) in advance for each subscriber in the HLR, and send them to VLR where the MS is visiting. 
Figure 2 - GSM Authentication Model
Roadmap Leading to the Current Identification Methods
GSM is proving its dominance in Mobile Communications with its unique features to offer to the end customers. 3G Technology has given a way towards a new field in the field of Mobile Communications. Approximately 60% of the world population has Mobile devices which are predominantly used for voice communication and data still remains as a small component but with the new technologies in place, slowly people are getting habituated to 3G technologies as it has got more to offer.
Though current Mobile Communication technologies provide enough security to the mobile subscribers there is still a chance where there is a possibility of eavesdropping into the network; to prevent this there are new technologies being developed and hence new authentication systems are being developed. In 3GPP/ UMTS model the authentication is supported mutually thus enabling extra security to the end subscriber.
The new technology at present is public wireless LAN. Wireless LAN technologies such as IEEE 802.11b were designed as means of creating networks for homes, business, university etc and there is no built-in security for these networks but WEP (Wireless Equivalent Protocol) or WPA (WiFi Protected Access) were developed to prevent people from cracking into the network. In their present scenario, WLANs cannot compete with UMTS (3G) in terms of Quality of Service (QoS), coverage and security. 4G technologies is being developed to improve the quality of service that present 3G technology is offering, it is being said that the 4G technology may give seamless access to the multimedia services. Some of the features offered by 4G technologies are:
Live Streaming at minimum transfer rate of 8mbps and maximum transfer rate of 100mbps.
Provides Broad band services
4G has more Bandwidth than previous technologies.
Impact of Identification Methods on Clients and Organizations
The identification methods described above ensures the subscribers that they are safe and no fear of people cracking the network. The impact of a successful attack on a mobile operator's network could result in any number of multiple outcomes:
Disturbance of voice and noise in service
Loss in cost minutes
Decrease in goodwill and decrease in customer satisfaction
Increase in call centre calls
All the above factors impact the organization and service operator resulting in revenue loss to both parties thus increasing the scope for dissatisfaction at both ends. These factors should be taken into consideration carefully to avoid the loss among both parties.
Risks Involved when collecting Personal Information
Now a days every service provider is storing personal information of their subscribers in form of electronic media. Though they are stored in a view of safety, there are certain risks involved when collecting personal data. Mainly if the personal data of the subscribers goes in the hands of wrong person, he may use that data for criminal purposes and the most noted form of misuse is advertising. Service Providers sell the personal data to the third party companies for advertising purpose.
Advertising companies use the data collected by the service providers to advertise various products by calling the subscribers in wrong time. This may pose to the subscribers as disturbance if the advertising company calls them if they are doing something serious which ultimately results in losing the subscribers. Main risks of collecting personal data are:
Loss of privacy
Risk of misuse of data for criminal purposes
Permanent storage of data may lead to lock of users.
This paper described the identification methods used in Mobile Communications and their effects on the clients and organizations. Having discussed all the methods in the paper we need to look forward for the emerging technologies like 4G which is expected to deliver most promising features like live streaming, super fast internet etc.
Mobile Communication security should be further improved in such a way that they pose no harm to the subscribers of the service provider.